Breaches

European firms underprepared for cyber security breach, survey finds

Two fifths of European firms are grossly underprepared for a cyber security breach, new research has uncovered.

According to a study by Pierre Audoin Consultants (PAC), 86 per cent of European countries feel they are prepared for security breach, despite the fact that almost 40 per cent of them do not even have a strategic response plan in place. Moreover, 22 per cent of organisations said they have no technology in place to assist with responding to a data breach.

The research also found that less than a third (30 per cent) of firms with Incident Response (IR) solutions in place actually test and update them more than once a month.

The complacency in this area is made more concerning by the fact that 67 per cent of respondents said their business had experienced a breach in the last year. Furthermore, the researchers said that the average direct costs of a data breach – not including internal staffing and loss of business and reputation – is €75,000.

Resilient Systems, FireEye, HP and Telefonica all co-sponsored the survey, which questioned 200 senior IT leaders from companies with more than 1,000 employees in the UK, France and Germany.

The survey found that on average the businesses spend 77 per cent of their security budgets on prevention and detection technology. However, spend is moving towards Incident Response capabilities – growing from 23 per cent today to 39 per cent in two years.

Duncan Brown, Research Director at PAC and lead author of the study, said: “Organisations are realising that cyber breaches are inevitable – but focusing on improving response can ensure breaches are survivable. We’re encouraged to see that organisations are investing more in the tools, processes, and people needed for effective and fast Incident Response.”